On 10/28/2024 9:08 AM, Alexander Shishkin wrote:
> To prevent exploits for Spectre based on LAM as demonstrated by the
> whitepaper [1], make LAM depend on LASS, which avoids this type of
> vulnerability.
>
> [1] https://download.vusec.net/papers/slam_sp24.pdf
>
> Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
> ---
> arch/x86/kernel/cpu/cpuid-deps.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c
> index 3f73c4b03348..d9fb2423605e 100644
> --- a/arch/x86/kernel/cpu/cpuid-deps.c
> +++ b/arch/x86/kernel/cpu/cpuid-deps.c
> @@ -84,6 +84,7 @@ static const struct cpuid_dep cpuid_deps[] = {
> { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES },
> { X86_FEATURE_FRED, X86_FEATURE_LKGS },
> { X86_FEATURE_LASS, X86_FEATURE_SMAP },
> + { X86_FEATURE_LAM, X86_FEATURE_LASS },
The dependencies listed in cpuid_deps[] are only enforced when a feature
such as LASS is explicitly disabled. If the system is missing LASS at
boot then LAM would still be enabled.
We would need this patch to enforce it:
https://lore.kernel.org/lkml/20241030233118.615493-1-sohil.mehta@intel.com/
Sohil